June 30, 2011

Unlike other military technologies, there’s almost no way to stop proliferation of cyberweapons

Four and a half million PCs, many of them in the U.S., are infected with what security researchers at internet security specialists Kaspersky Lab describe as an “indestructible” form of malware. They are doing everything from taking down websites with Ddos attacks to acting as a conduit for up to 30 other pieces of malware.

This malware, known as TDL4, deploys a number of clever tricks to guarantee its own survival, including one borrowed straight from the world’s most sophisticated cyberweapon, Stuxnet.

The thing about computer viruses is that in one important respect they are exactly like their biological equivalents: through lateral gene transfer (or coders copying one another’s best ideas) enhancements to viruses’ tenacity or lethality can rapidly spread through a population of infectious agents.

And so it is with Stuxnet – one of the vulnerabilities that it exploits was previously unknown. Then those exploits went public and – surprise! – now one of them is in TDL4. Of course, once the vulnerability was known, Microsoft has a chance to patch it; plenty of machines remain un-updated, however, allowing TDL4 to exploit this vulnerability.

The thing about cyberweapons is that, unlike, say, the atom bomb, which has taken decades to propagate across the globe, as soon as a piece of malware is uncovered, its code can be deconstructed and the community of of black-hat hackers who would use it for their own purposes can immediately absorb its lessons.

In this way, cyberweapons lend themselves to a unique kind of ultra-rapid proliferation. Once the genie is out of the bottle, everyone who isn’t up to date with the latest patches is vulnerable.